summaryrefslogtreecommitdiffstats
path: root/crypto/shash.c
diff options
context:
space:
mode:
authorNeal Cardwell <ncardwell@google.com>2015-02-06 16:04:40 -0500
committerDavid S. Miller <davem@davemloft.net>2015-02-08 01:03:12 -0800
commitf2b2c582e82429270d5818fbabe653f4359d7024 (patch)
tree1e0545a57b7df4c2ee5a43c131386d453539c68d /crypto/shash.c
parenta9b2c06dbef48ed31cff1764c5ce824829106f4f (diff)
downloadlinux-f2b2c582e82429270d5818fbabe653f4359d7024.tar.bz2
tcp: mitigate ACK loops for connections as tcp_sock
Ensure that in state ESTABLISHED, where the connection is represented by a tcp_sock, we rate limit dupacks in response to incoming packets (a) with TCP timestamps that fail PAWS checks, or (b) with sequence numbers or ACK numbers that are out of the acceptable window. We do not send a dupack in response to out-of-window packets if it has been less than sysctl_tcp_invalid_ratelimit (default 500ms) since we last sent a dupack in response to an out-of-window packet. There is already a similar (although global) rate-limiting mechanism for "challenge ACKs". When deciding whether to send a challence ACK, we first consult the new per-connection rate limit, and then the global rate limit. Reported-by: Avery Fay <avery@mixpanel.com> Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'crypto/shash.c')
0 files changed, 0 insertions, 0 deletions